cmd/go: suppress SSH password prompts when fetching modules or repos

We were already setting GIT_SSH_COMMAND (if unset) to explicitly
include 'ControlMaster=no' in order to disable connection pooling.
Now we also set 'BatchMode=yes' to suppress password prompts for
password-protected keys.

While we're here, we also set GCM_INTERACTIVE=never to suppress
similar prompts from the Git Credential Manager for Windows.

Fixes #44904

Change-Id: Iebb050079ff7dd54d5b944c459ae212e9e6f2579
Reviewed-on: https://go-review.googlesource.com/c/go/+/300157
Trust: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>

diff --git a/doc/go1.17.html b/doc/go1.17.html
index 0521f9fd919526e0fa221267158c60fa4f525bc1..6aa9d5b876f20cd0f3a8afb855b85bff5e9048a2 100644 (file)
--- a/doc/go1.17.html
+++ b/doc/go1.17.html
@@ -138,6 +138,17 @@ Do not send CLs removing the interior tags from such phrases.
   module root when invoked within the <code>vendor</code> tree.
 </p>
 
+<h4 id="password-prompts">Password prompts</h4>
+
+<p><!-- golang.org/issue/44904 -->
+  The <code>go</code> command by default now suppresses SSH password prompts and
+  Git Credential Manager prompts when fetching Git repositories using SSH, as it
+  already did previously for other Git password prompts. Users authenticating to
+  private Git repos with password-protected SSH may configure
+  an <code>ssh-agent</code> to enable the <code>go</code> command to use
+  password-protected SSH keys.
+</p>
+
 <h2 id="runtime">Runtime</h2>
 
 <p>

diff --git a/src/cmd/go/internal/get/get.go b/src/cmd/go/internal/get/get.go
index 4c57ee3518c600598850e477cc9ca0d015b1f205..c28bce8cfcdd31c3c0e1ecbed625f840448009d9 100644 (file)
--- a/src/cmd/go/internal/get/get.go
+++ b/src/cmd/go/internal/get/get.go
@@ -126,7 +126,7 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
                base.Fatalf("go get: -insecure flag is no longer supported; use GOINSECURE instead")
        }
 
-       // Disable any prompting for passwords by Git.
+       // Disable any prompting for passwords by Git itself.
        // Only has an effect for 2.3.0 or later, but avoiding
        // the prompt in earlier versions is just too hard.
        // If user has explicitly set GIT_TERMINAL_PROMPT=1, keep
@@ -136,7 +136,10 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
                os.Setenv("GIT_TERMINAL_PROMPT", "0")
        }
 
-       // Disable any ssh connection pooling by Git.
+       // Also disable prompting for passwords by the 'ssh' subprocess spawned by
+       // Git, because apparently GIT_TERMINAL_PROMPT isn't sufficient to do that.
+       // Adding '-o BatchMode=yes' should do the trick.
+       //
        // If a Git subprocess forks a child into the background to cache a new connection,
        // that child keeps stdout/stderr open. After the Git subprocess exits,
        // os /exec expects to be able to read from the stdout/stderr pipe
@@ -150,7 +153,14 @@ func runGet(ctx context.Context, cmd *base.Command, args []string) {
        // assume they know what they are doing and don't step on it.
        // But default to turning off ControlMaster.
        if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
-               os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no")
+               os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes")
+       }
+
+       // And one more source of Git prompts: the Git Credential Manager Core for Windows.
+       //
+       // See https://github.com/microsoft/Git-Credential-Manager-Core/blob/master/docs/environment.md#gcm_interactive.
+       if os.Getenv("GCM_INTERACTIVE") == "" {
+               os.Setenv("GCM_INTERACTIVE", "never")
        }
 
        // Phase 1. Download/update.

diff --git a/src/cmd/go/internal/modload/init.go b/src/cmd/go/internal/modload/init.go
index 88d647d9eafd2d743e5d3469d8905e65699733a7..99c0c2b9811aaca1918954ea5d1731810f4603c7 100644 (file)
--- a/src/cmd/go/internal/modload/init.go
+++ b/src/cmd/go/internal/modload/init.go
@@ -163,7 +163,11 @@ func Init() {
        // assume they know what they are doing and don't step on it.
        // But default to turning off ControlMaster.
        if os.Getenv("GIT_SSH") == "" && os.Getenv("GIT_SSH_COMMAND") == "" {
-               os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no")
+               os.Setenv("GIT_SSH_COMMAND", "ssh -o ControlMaster=no -o BatchMode=yes")
+       }
+
+       if os.Getenv("GCM_INTERACTIVE") == "" {
+               os.Setenv("GCM_INTERACTIVE", "never")
        }
 
        if modRoot != "" {